Two-step authentication, the process whereby you use more than just a password to verify an account, is increasingly an important security tool desired by not just enterprise but consumers. Google has had with Gmail for a few years now, and Microsoft is on the cusp of releasing their version as well.

LiveSide.net is reporting that the service will be integrated into existing Microsoft Accounts (Outlook.com, Hotmail, etc.) though those with linked accounts may have to un-link and the re-link them to get it to work.

Interestingly, the app for this feature is already on the Store for all Windows Phone devices (7.x and 8), and it will serve as the conduit to generate these codes. For those who use Gmail, you may be used to having “verification codes” texted to you, which can be problematic if traveling or switching SIMs (Google does provide fallbacks though). With the Authenticator app, once linked to your account you will be able to generate security codes for account access which will then be verified for by Microsoft before you can login from a non-trusted PC.

The whole system seems quite easy to use (once it goes live), and it should bring Microsoft up to speed with those who demand more in security than a simple password.

You can download the Authenticator app for Windows Phone here, though without the corresponding service enabled by Microsoft on your Account, it’s of little use at the moment.

Thank you! Its about time. The 2 step authentication with Gmail is the one area where I admitted Gmail was better than Live mail. One of my wifes Live accounts just got hacked a week ago. Granted her password was pretty week. But its a nor brainer than this service should be implemented and keep people from logging into my account from Nigeria without entering a code of some kind.

MS already uses something similar to this within their SkyDrive in order to access your pc if you're away from home. I get a text with a code and that allows me to access my home pc files from work. Or have i missed the point? UK

Anyone else miffed by the standard default loading screen of the new app by Microsoft?
Microsoft guide for apps pointedly say to not use the default loading screen for all 3rd party apps and sometimes even mocks them but still they themselves use it.

Why would you need text for using GMail 2 factor authentication? There are multiple third party apps in WP marketplace(one such is Authenticator 3rd party app) which already supported GMail code generation. Just select Android as your phone in GMail settings, get the key and add it manually in the app.
Also most such apps support Facebook, Dropbox and other services which uses a common standard for generating codes as well.
In Facebook, just select Android and click the "Having problem?" link in the next screen which will get you the key. In Dropbox, it's straight forward.

Edit: Just noticed that Microsoft also supports the common standard. Yay! All good for a single app. You don't even need the new Microsoft app if you already use any 3rd party app. Or you can migrate all everything to this new app by Microsoft.

Understand your concern and respect your decision. Everyone is not me.
I myself is little paranoid but this third party app getting hold of my password is very slim and I'm not giving my password to them just the key. Both needs to be available to them to access my account. Also, I don't give my email address or service name to the app. Just A, B, C as the identifiers. Chance of them matching the code to a single email address is almost impossible unless they have other ways of knowing my email address.
But if you use the email address in the app, and they upload the email address and keys to some public database or something where hackers can cross reference the codes after they get hold of your password somehow, I see your concern. But to be honest, it's a very stretch.

How much would it suck if that a major player that goes to two-step process for their services *cough* Google *cough* and then refused to make an app for say... Windows Phone...

I can already seeing this being a headache with all the different little apps that will be part of the authentication process. I already have a Blizzard Authenticator for SC2... Who knows how many of these apps will exist in the future...

Yes, that's what I'm talking about. I'd rather the phone really supported two-factor, as opposed to the app passwords. Needing a bunch of app-passwords that bypass two-factor defeat the purpose of two-factor authentication in the first place.